Basic EFI Virtual Machine
A simple EFI-based VHDX virtual machine with essential packages (core-efi.json):
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 4096,
      "Artifacts": [
        {
          "Name": "core",
          "Type": "vhdx"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/hyperv-packages.json",
        "packagelists/core-packages-image.json",
        "packagelists/cloud-init-packages.json",
        "packagelists/virt-guest-packages.json"
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "Hostname": "azurelinux",
      "DisableRpmDocs": true,
      "OverrideRpmLocales": "NONE"
    }
  ]
}
Legacy BIOS Boot
A legacy BIOS-based VHD image (core-legacy.json):
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 2048,
      "Artifacts": [
        {
          "Name": "core",
          "Type": "vhd"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["grub"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "legacy",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": ""
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/hyperv-packages.json",
        "packagelists/core-packages-image.json",
        "packagelists/cloud-init-packages.json",
        "packagelists/virt-guest-packages.json"
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "Hostname": "azurelinux",
      "DisableRpmDocs": true,
      "OverrideRpmLocales": "NONE"
    }
  ]
}
FIPS-Compliant Image
A FIPS 140-2 compliant image with SELinux (core-fips.json):
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 2048,
      "Artifacts": [
        {
          "Name": "core",
          "Type": "vhd"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["grub"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "legacy",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": ""
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/hyperv-packages.json",
        "packagelists/fips-packages.json",
        "packagelists/core-packages-image.json",
        "packagelists/core-tools-packages.json",
        "packagelists/cloud-init-packages.json",
        "packagelists/selinux.json",
        "packagelists/virt-guest-packages.json"
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "KernelCommandLine": {
        "ExtraCommandLine": "fips=1",
        "SELinux": "permissive"
      },
      "Hostname": "azurelinux"
    }
  ]
}
Azure Marketplace Image (Gen2)
An Azure Marketplace Generation 2 image with three partitions (marketplace-gen2.json):
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 5000,
      "Artifacts": [
        {
          "Name": "cblmariner-gen2",
          "Type": "vhd"
        }
      ],
      "Partitions": [
        {
          "ID": "efi",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 65,
          "FsType": "fat32"
        },
        {
          "ID": "boot",
          "Start": 65,
          "End": 565,
          "FsType": "ext4"
        },
        {
          "ID": "rootfs",
          "Name": "rootfs",
          "Start": 565,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "efi",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "boot",
          "MountPoint": "/boot"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/core-packages-image.json",
        "packagelists/marketplace-tools-packages.json",
        "packagelists/azurevm-packages.json",
        "packagelists/hyperv-packages.json"
      ],
      "AdditionalFiles": {
        "additionalconfigs/cloud-init.cfg": "/etc/cloud/cloud.cfg",
        "additionalconfigs/chrony.cfg": "/etc/chrony.conf",
        "additionalconfigs/wait-for-ptp-hyperv.conf": "/etc/systemd/system/chronyd.service.d/wait-for-ptp-hyperv.conf",
        "additionalconfigs/51-ptp-hyperv.rules": "/etc/udev/rules.d/51-ptp-hyperv.rules"
      },
      "PostInstallScripts": [
        {
          "Path": "additionalconfigs/configure-systemd-networkd.sh"
        }
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "KernelCommandLine": {
        "ExtraCommandLine": "console=ttyS0"
      },
      "Hostname": "azurelinux"
    }
  ]
}
SELinux Enforcing Mode
An image intended to run SELinux in enforcing mode (core-efi-selinux.json). As listed, KernelCommandLine sets "SELinux": "permissive", which logs policy denials without blocking them; the IMA example further down uses "force_enforcing":
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 4096,
      "Artifacts": [
        {
          "Name": "core",
          "Type": "vhdx"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/hyperv-packages.json",
        "packagelists/core-packages-image.json",
        "packagelists/cloud-init-packages.json",
        "packagelists/selinux-full.json",
        "packagelists/virt-guest-packages.json"
      ],
      "KernelCommandLine": {
        "SELinux": "permissive"
      },
      "KernelOptions": {
        "default": "kernel"
      },
      "Hostname": "azurelinux"
    }
  ]
}
Container Rootfs
A compressed rootfs for containers, with no partitions (core-container.json):
{
  "Disks": [
    {
      "Artifacts": [
        {
          "Name": "core",
          "Compression": "tar.gz"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "PackageLists": [
        "packagelists/core-packages-container.json"
      ],
      "Hostname": "azurelinux"
    }
  ]
}
Image with Custom Scripts
An image with post-install and finalize scripts:
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 4096,
      "Artifacts": [
        {
          "Name": "custom",
          "Type": "vhdx"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/core-packages-image.json",
        "packagelists/cloud-init-packages.json"
      ],
      "PostInstallScripts": [
        {
          "Path": "scripts/configure-networking.sh"
        },
        {
          "Path": "scripts/install-monitoring.sh",
          "Args": "--agent prometheus"
        }
      ],
      "FinalizeImageScripts": [
        {
          "Path": "scripts/cleanup.sh"
        }
      ],
      "AdditionalFiles": {
        "configs/app-config.yaml": "/etc/myapp/config.yaml",
        "keys/service-account.json": [
          {
            "Path": "/etc/myapp/credentials.json",
            "Permissions": "600"
          }
        ]
      },
      "KernelOptions": {
        "default": "kernel"
      },
      "Hostname": "custom-host"
    }
  ]
}
Multi-User System
An image with configured users:
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 4096,
      "Artifacts": [
        {
          "Name": "multiuser",
          "Type": "vhdx"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/core-packages-image.json",
        "packagelists/ssh-server.json"
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "Users": [
        {
          "Name": "root",
          "PasswordHashed": true,
          "Password": "$6$rounds=4096$saltsaltsal$hashedpassword"
        },
        {
          "Name": "admin",
          "UID": "1001",
          "Password": "ChangeMe123!",
          "PrimaryGroup": "wheel",
          "SecondaryGroups": ["docker", "libvirt"],
          "HomeDirectory": "/home/admin"
        },
        {
          "Name": "serviceaccount",
          "UID": "2001",
          "Password": "!",
          "StartupCommand": "/usr/sbin/nologin",
          "HomeDirectory": "/var/lib/myservice"
        }
      ],
      "Hostname": "azurelinux"
    }
  ]
}
Network-Configured System
An image with static network configuration:
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 4096,
      "Artifacts": [
        {
          "Name": "networked",
          "Type": "vhdx"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/core-packages-image.json"
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "Networks": [
        {
          "BootProto": "static",
          "Ip": "192.168.1.100",
          "NetMask": "255.255.255.0",
          "GateWay": "192.168.1.1",
          "OnBoot": true,
          "NameServers": ["8.8.8.8", "8.8.4.4"],
          "Device": "eth0"
        }
      ],
      "Hostname": "static-host"
    }
  ]
}
IMA and Security Hardening
An image with Integrity Measurement Architecture:
{
  "Disks": [
    {
      "PartitionTableType": "gpt",
      "MaxSize": 4096,
      "Artifacts": [
        {
          "Name": "hardened",
          "Type": "vhdx"
        }
      ],
      "Partitions": [
        {
          "ID": "boot",
          "Flags": ["esp", "boot"],
          "Start": 1,
          "End": 9,
          "FsType": "fat32"
        },
        {
          "ID": "rootfs",
          "Start": 9,
          "End": 0,
          "FsType": "ext4"
        }
      ]
    }
  ],
  "SystemConfigs": [
    {
      "Name": "Standard",
      "BootType": "efi",
      "PartitionSettings": [
        {
          "ID": "boot",
          "MountPoint": "/boot/efi",
          "MountOptions": "umask=0077"
        },
        {
          "ID": "rootfs",
          "MountPoint": "/"
        }
      ],
      "PackageLists": [
        "packagelists/core-packages-image.json",
        "packagelists/selinux-full.json"
      ],
      "KernelOptions": {
        "default": "kernel"
      },
      "KernelCommandLine": {
        "ImaPolicy": ["tcb", "appraise_tcb"],
        "SELinux": "force_enforcing",
        "ExtraCommandLine": "audit=1"
      },
      "EnableHidepid": true,
      "Hostname": "secure-host"
    }
  ]
}
Configuration Tips
Choose the Right Boot Type
- Use efi for modern systems and Azure Gen2 VMs
- Use legacy for Azure Gen1 VMs or older systems
- Match partition flags to boot type (esp/boot for EFI, grub for legacy)
Optimize Image Size
- Set DisableRpmDocs: true to exclude documentation
- Set OverrideRpmLocales: "NONE" to exclude locales
- Use minimal package lists for smaller images
- Choose an appropriate MaxSize for your needs
Security Considerations
- Use hashed passwords (never plain text in production)
- Enable SELinux for mandatory access control
- Consider IMA policies for file integrity
- Use EnableHidepid to restrict process visibility
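The boot type and security tips above can be checked mechanically before a build. The following Python linter is an added example, not part of the image tooling this page describes; the sample config is constructed (trimmed from the multi-user example, with a deliberately mismatched boot flag), and treating a Password that starts with "!" or "*" as a lock marker is an assumption.

```python
import json

# Constructed sample: trimmed multi-user example with a mismatched boot flag.
SAMPLE = json.loads("""
{
  "Disks": [{"Partitions": [
    {"ID": "boot", "Flags": ["grub"], "Start": 1, "End": 9, "FsType": "fat32"},
    {"ID": "rootfs", "Start": 9, "End": 0, "FsType": "ext4"}]}],
  "SystemConfigs": [{
    "Name": "Standard", "BootType": "efi",
    "KernelCommandLine": {"SELinux": "permissive"},
    "Users": [
      {"Name": "root", "PasswordHashed": true, "Password": "$6$rounds=4096$saltsaltsal$hashedpassword"},
      {"Name": "admin", "Password": "ChangeMe123!"},
      {"Name": "serviceaccount", "Password": "!"}]}]
}
""")

REQUIRED_FLAG = {"efi": "esp", "legacy": "grub"}  # from the boot type tip


def lint_image_config(cfg):
    """Return a list of (system config name, finding) tuples."""
    findings = []
    flags = {f for d in cfg.get("Disks", [])
             for p in d.get("Partitions", []) for f in p.get("Flags", [])}
    for sc in cfg.get("SystemConfigs", []):
        name = sc.get("Name", "?")
        need = REQUIRED_FLAG.get(sc.get("BootType"))
        if need and need not in flags:
            findings.append((name, f"BootType {sc['BootType']} but no partition has the {need} flag"))
        for u in sc.get("Users", []):
            pw = u.get("Password", "")
            # Assumption: a value starting with "!" or "*" is a lock marker, not a secret.
            if pw and not u.get("PasswordHashed") and pw[0] not in "!*":
                findings.append((name, f"user {u['Name']}: plain-text password"))
        kcl = sc.get("KernelCommandLine", {})
        if kcl.get("SELinux") in (None, "permissive"):
            findings.append((name, "SELinux is absent or permissive, so policy is not enforced"))
        if not kcl.get("ImaPolicy"):
            findings.append((name, "no ImaPolicy set"))
        if not sc.get("EnableHidepid"):
            findings.append((name, "EnableHidepid not enabled"))
    return findings


if __name__ == "__main__":
    for name, finding in lint_image_config(SAMPLE):
        print(f"[{name}] {finding}")
```

Run against the IMA and Security Hardening example from this page, the function returns no findings.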
Package List Order
- Put essential packages first
- Add feature-specific packages in the middle
- Place initramfs packages last for speed
- Keep kernel packages in KernelOptions, not PackageLists
Validation
Before building, validate your configuration:
imageconfigvalidator --config myconfig.json